Slim.AI has released a version of its automated container security remediation platform through an early access program, which is now available for download. easier to integrate into a DevOps workflow†
John Amaral, CEO of Slim.AI, said integration is achieved through connectors to various continuous integration/continuous delivery (CI/CD) platforms that the company now offers for its software-as-a-service (SaaS) offerings that is hosted on Amazon Web Services (AWS) cloud.
Earlier this year, Slim.AI launched a platform of the same name that uses machine learning algorithms to shrink and optimize containers before deploying them to a production environment. Many of the containers developers try to deploy in a production environment are larger than they need to be because unnecessary code is encapsulated or because the code is organized inefficiently.
The platform can also be used to automatically replace containers with known vulnerabilities, Amaral adds. That capability makes it easier to shift responsibility for security further to developers by preventing those vulnerabilities from being included in the build at all, he notes.
In general, there is no longer a tolerance for sending known vulnerabilities within an application, especially in the wake of a series of high-profile security breaches, Amaral says. Organizations of all sizes are rethinking software supply chains to ensure applications in production environments are not as easily compromised as they are today, he adds.
In theory, containerized applications should be more secure than legacy monolithic applications because it is easier to rip and replace containers than to patch a full monolithic application. However, Slim.AI advocates a platform that prevents unsafe containers from ever being deployed in a production environment, Amaral says.
It is not clear how widely AI will be applied to automate DevOps processes. Given the reliance of application development and deployment activities still on manual processes, there are plenty of opportunities to deploy machine learning algorithms to automate a wide variety of processes. Most organizations using containers will not be able to achieve the developer productivity levels needed to deploy microservices-based applications at scale without relying more on AI.
DevOps proponents are naturally committed to automating IT as relentlessly as possible, and will obviously be at the forefront of AI adoption. The real challenge is to gain enough trust in those AI platforms to rely on the recommendations and actions being taken; today’s complex tasks and processes require a lot of manual intervention to get right. At the moment, however, the question is not whether AI will be applied to DevOps, but to what extent.
In the meantime, containers will continue to push the boundaries of most existing manual processes. Many DevOps teams today spend an inordinate amount of time on manual processes that prove unsustainable as more applications are deployed.
Related